There is a present IT safety alert for lighttpd. You can discover out what the dangers are, which merchandise are affected and what you are able to do right here.
Federal Office for Security in Information Technology (BSI) reported a lighttpd safety advisory on May 22, 2024. Linux, UNIX and Windows working programs and the open supply lighttpd product are affected by a safety vulnerability.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: National Vulnerability Database CVE-2024-3708 (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
lighttpd safety discover – danger: medium
Risk stage: 3 (reasonable)
CVSS Base Score: 5.3
CVSS provisional rating: 4,6
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc programs. The CVSS commonplace makes it attainable to check potential or precise safety dangers based mostly on numerous metrics to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For short-term impact, body circumstances that will change over time are thought of within the take a look at. According to CVSS, the chance of the vulnerability talked about right here is evaluated as “inside” with a base rating of 5.3.
lighttpd Bug: Vulnerability permits denial of service and data achieve
lighttpd is an open supply net server.
A distant, unknown attacker might exploit a vulnerability in lighttpd to trigger a denial of service or expose delicate info.
Vulnerabilities are recognized by a novel CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-3708 on the market.
Systems affected by the lighttpd vulnerability at a look
Operating programs
Linux, UNIX, Windows
Products
Open Source lighttpd
Common steps to handle IT safety gaps
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically comprises extra details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
- If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often examine if IT safety alert Affected producers present a brand new safety replace.
Manufacturer details about updates, patches and workarounds
Here you can find some hyperlinks with details about bug studies, safety fixes and workarounds.
National Vulnerability Database CVE-2024-3708 vom 2024-05-22 (22.05.2024)
For extra info, see:
GitHub Advisory Database vom 2024-05-22 (22.05.2024)
For extra info, see:
Version historical past of this safety alert
This is the primary model of this lighttpd IT safety discover. If updates are introduced, this doc shall be up to date. You can examine modifications or additions on this model historical past.
May 22, 2024 – First model
+++ Editorial notice: This doc is predicated on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can find scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de